APT Targets Leaders In CIS Countries

Government ministers and diplomats from former USSR states have been compromised in an advanced persistent threat attack named Lurid

News has broken that thousands of computers – including those belonging to diplomats and government ministries in former USSR countries – have been compromised in an advanced persistent threat (APT) attack dubbed ‘Lurid’. Reports show that 1,465 computers, located in 61 countries, were compromised following more than 300 highly targeted attacks exploiting known vulnerabilities. The attackers also set up a command and control network to maintain persistent control over all of the compromised computers, and it is thought that they were able to steal data from the infected machines.

Ross Brewer, managing director and vice president, international markets, LogRhythm, has made the following comments:

“Lurid seems to be a classic example of an advanced persistent threat, with hackers launching well-targeted and coordinated attacks against high-value individuals, and then successfully staying hidden so they could gather confidential information over a period of time. It’s probable that the victims had little or no idea that they were being snooped on or that their data was at risk.

“To stop these types of attacks from ever gaining a foothold, organisations need to seriously step up their security management. As well as the obvious responses, such as patching against vulnerabilities and deploying other point solutions which can help keep out hackers, other approaches are also required if organisations are to detect hackers who have already penetrated their networks.

“Log data provides vital intelligence in the fight against APTs. Each and every time a file, desktop or server is accessed, data is produced that can be scrutinised to identify patterns of unusual or unauthorised behaviour. By automatically collecting, correlating and analysing the log data created across its entire network, an organisation can begin to understand whether what looks, on the face of it, to be a low-level incident is actually just one small part of a systematic and prolonged attack on its IT infrastructure.”